Posted today
Unspecified
Mid Level Career (5+ yrs experience)
Unspecified
Aerospace and Aviation
Grand Rapids, MI (Off-Site/Hybrid)
Here is a neutralized and re-energized version of the job description. I’ve shifted the focus from specific aerospace branding to general High-Criticality Embedded Systems, which keeps the technical requirements intact while masking the specific client identity.
Senior Embedded Product Security Engineer
Role Summary
We are seeking a high-caliber Senior Product Security Engineer to join our specialized engineering team. In this role, you will act as the primary security architect and "evangelist" for a diverse portfolio of sophisticated embedded systems. You will collaborate directly with cross-functional development teams to lead threat modeling, conduct deep-dive architecture reviews, and validate security designs for mission-critical hardware and software.
The ideal candidate is a security-first engineer who thrives on solving complex vulnerabilities and can mentor development teams in the fine art of secure product lifecycles.
Core Responsibilities
Security Architecture & Design: Analyze complex product architectures to identify vulnerabilities, define threat vectors, and qualitatively assess risk for high-stakes environments.
Tactical Execution: Lead Threat Modeling (STRIDE/PASTA) and Architecture Risk Analysis (ARA) on next-generation embedded products.
Offensive & Defensive Testing: Audit and exploit systems under development to expose weaknesses; demonstrate proof-of-concept fixes to engineering leads.
Mentorship & Coaching: Guide developers in implementing advanced cryptography (PKI, Code Signing, TPM) and secure coding standards.
Lifecycle Management: Manage security requirements from initial concept through regulatory certification and continued airworthiness/reliability.
Vulnerability Response: Lead the analysis and validation of CVE patches and provide rapid response for security incidents reported in the field.
Process Innovation: Drive the adoption of innovative secure-by-design methods across the engineering organization.
Minimum Qualifications
Education/Experience: * Bachelor’s degree + 5 years of professional experience OR * Associate degree + 8 years of professional experience OR * High School Diploma + 10 years of professional experience.
Technical Base: Minimum of 5 years of hands-on experience specifically within embedded systems and applications.
Clearance: Must possess or be eligible to obtain a U.S. Department of Defense (DoD) security clearance.
Work Authorization: Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future.
Travel: Ability to travel up to 5% as required.
Technical Skills & Desired Characteristics
Coding Proficiency: Strong skills in at least one major embedded language
Security Tooling: Experience conducting static/dynamic code reviews (SAST/DAST) and applying penetration testing principles.
Framework Knowledge: Familiarity with high-assurance risk control frameworks (e.g., DO-326A, NIST CSF, NIST 800-53, or DoD RMF).
Hardware Security: Solid understanding of hardware-level security, including Secure Boot, Encryption at rest/transit, and Trusted Platform Modules (TPM).
Applied Cryptography: Deep knowledge of symmetric/asymmetric cryptography, authentication protocols, and digital signatures.
Communication: Proven ability to translate complex security risks into actionable technical requirements for non-security peers.
Senior Embedded Product Security Engineer
Role Summary
We are seeking a high-caliber Senior Product Security Engineer to join our specialized engineering team. In this role, you will act as the primary security architect and "evangelist" for a diverse portfolio of sophisticated embedded systems. You will collaborate directly with cross-functional development teams to lead threat modeling, conduct deep-dive architecture reviews, and validate security designs for mission-critical hardware and software.
The ideal candidate is a security-first engineer who thrives on solving complex vulnerabilities and can mentor development teams in the fine art of secure product lifecycles.
Core Responsibilities
Security Architecture & Design: Analyze complex product architectures to identify vulnerabilities, define threat vectors, and qualitatively assess risk for high-stakes environments.
Tactical Execution: Lead Threat Modeling (STRIDE/PASTA) and Architecture Risk Analysis (ARA) on next-generation embedded products.
Offensive & Defensive Testing: Audit and exploit systems under development to expose weaknesses; demonstrate proof-of-concept fixes to engineering leads.
Mentorship & Coaching: Guide developers in implementing advanced cryptography (PKI, Code Signing, TPM) and secure coding standards.
Lifecycle Management: Manage security requirements from initial concept through regulatory certification and continued airworthiness/reliability.
Vulnerability Response: Lead the analysis and validation of CVE patches and provide rapid response for security incidents reported in the field.
Process Innovation: Drive the adoption of innovative secure-by-design methods across the engineering organization.
Minimum Qualifications
Education/Experience: * Bachelor’s degree + 5 years of professional experience OR * Associate degree + 8 years of professional experience OR * High School Diploma + 10 years of professional experience.
Technical Base: Minimum of 5 years of hands-on experience specifically within embedded systems and applications.
Clearance: Must possess or be eligible to obtain a U.S. Department of Defense (DoD) security clearance.
Work Authorization: Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future.
Travel: Ability to travel up to 5% as required.
Technical Skills & Desired Characteristics
Coding Proficiency: Strong skills in at least one major embedded language
Security Tooling: Experience conducting static/dynamic code reviews (SAST/DAST) and applying penetration testing principles.
Framework Knowledge: Familiarity with high-assurance risk control frameworks (e.g., DO-326A, NIST CSF, NIST 800-53, or DoD RMF).
Hardware Security: Solid understanding of hardware-level security, including Secure Boot, Encryption at rest/transit, and Trusted Platform Modules (TPM).
Applied Cryptography: Deep knowledge of symmetric/asymmetric cryptography, authentication protocols, and digital signatures.
Communication: Proven ability to translate complex security risks into actionable technical requirements for non-security peers.
group id: 91099929
